In personal computer (PC) systems, system management mode (SMM) is an operating mode of x86-family central processor units (CPUs) in which all normal execution, including the operating system, is suspended and special system software is executed with high privileges. SMM is generally used handling system-wide functions like power management, system hardware control, operating system (OS) validation, cryptography, or proprietary original equipment manufacturer (OEM)-designed code. SMM is generally used only by system firmware, not by applications or general-purpose systems software. A benefit of SMM is that it offers a distinct and isolated computing environment that operates independently of the operating system, hypervisor, or application software.
However, in recent years SMM has increasingly become an attack vector for malware, such as rootkits. Even though the executable code in the SMM may be firmware-based and error-free, a variety of techniques for tampering with the operation of the SMM have been seen. For instance, data objects (such as variables, parameter values, function calls, etc.) may be passed to the SMM by the OS, and these data objects may be exploited to gain access to the SMM's high privilege level. For instance, commands may be sent to the SMM that may cause the SMM to perform a series of actions to compromise security features of the OS. In another example, techniques as buffer overflow attack may be used to inject unexpected code into the SMM. These vulnerabilities are further compounded by the fact that SMM operates outside the reach of any anti-malware programs installed and operational under the control of the operating system. Solutions are needed to reduce the susceptibility of the SMM to attack.